npm - @memo-code/memo - Versions diffs - 0.8.0 → 0.8.5 - Mend

@memo-code/memo 0.8.0 → 0.8.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (452) hide show

package/dist/web/server/app.controller.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export declare class AppController {
+    healthz(): {
+        status: string;
+        service: string;
+    };
+}

package/dist/web/server/app.controller.js ADDED Viewed

@@ -0,0 +1,33 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppController = void 0;
+const common_1 = require("@nestjs/common");
+const public_decorator_1 = require("./auth/public.decorator");
+let AppController = class AppController {
+    healthz() {
+        return {
+            status: 'ok',
+            service: 'memo-web-server',
+        };
+    }
+};
+exports.AppController = AppController;
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, common_1.Get)('healthz'),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", []),
+    __metadata("design:returntype", void 0)
+], AppController.prototype, "healthz", null);
+exports.AppController = AppController = __decorate([
+    (0, common_1.Controller)()
+], AppController);

package/dist/web/server/app.module.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { MiddlewareConsumer, type NestModule } from '@nestjs/common';
+export declare class AppModule implements NestModule {
+    configure(consumer: MiddlewareConsumer): void;
+}

package/dist/web/server/app.module.js ADDED Viewed

@@ -0,0 +1,61 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppModule = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const access_token_guard_1 = require("./auth/access-token.guard");
+const auth_module_1 = require("./auth/auth.module");
+const app_controller_1 = require("./app.controller");
+const api_error_filter_1 = require("./common/filters/api-error.filter");
+const api_response_interceptor_1 = require("./common/interceptors/api-response.interceptor");
+const request_logging_middleware_1 = require("./common/middleware/request-logging.middleware");
+const server_config_module_1 = require("./config/server-config.module");
+const chat_module_1 = require("./chat/chat.module");
+const mcp_module_1 = require("./mcp/mcp.module");
+const sessions_module_1 = require("./sessions/sessions.module");
+const skills_module_1 = require("./skills/skills.module");
+const stream_module_1 = require("./stream/stream.module");
+const ws_gateway_module_1 = require("./ws/ws-gateway.module");
+const workspaces_module_1 = require("./workspaces/workspaces.module");
+let AppModule = class AppModule {
+    configure(consumer) {
+        consumer.apply(request_logging_middleware_1.RequestLoggingMiddleware).forRoutes('*');
+    }
+};
+exports.AppModule = AppModule;
+exports.AppModule = AppModule = __decorate([
+    (0, common_1.Module)({
+        imports: [
+            server_config_module_1.ServerConfigModule,
+            workspaces_module_1.WorkspacesModule,
+            auth_module_1.AuthModule,
+            sessions_module_1.SessionsModule,
+            stream_module_1.StreamModule,
+            chat_module_1.ChatModule,
+            mcp_module_1.McpModule,
+            skills_module_1.SkillsModule,
+            ws_gateway_module_1.WsGatewayModule,
+        ],
+        controllers: [app_controller_1.AppController],
+        providers: [
+            {
+                provide: core_1.APP_GUARD,
+                useClass: access_token_guard_1.AccessTokenGuard,
+            },
+            {
+                provide: core_1.APP_INTERCEPTOR,
+                useClass: api_response_interceptor_1.ApiResponseInterceptor,
+            },
+            {
+                provide: core_1.APP_FILTER,
+                useClass: api_error_filter_1.ApiErrorFilter,
+            },
+        ],
+    })
+], AppModule);

package/dist/web/server/auth/access-token.guard.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { AuthService } from './auth.service';
+export declare class AccessTokenGuard implements CanActivate {
+    private readonly reflector;
+    private readonly authService;
+    constructor(reflector: Reflector, authService: AuthService);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+}

package/dist/web/server/auth/access-token.guard.js ADDED Viewed

@@ -0,0 +1,53 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessTokenGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const public_decorator_1 = require("./public.decorator");
+const auth_service_1 = require("./auth.service");
+function extractBearerToken(authorization) {
+    if (!authorization) {
+        throw new common_1.UnauthorizedException('Missing Authorization header');
+    }
+    const [scheme, token] = authorization.split(' ');
+    if (scheme !== 'Bearer' || !token) {
+        throw new common_1.UnauthorizedException('Invalid Authorization header');
+    }
+    return token.trim();
+}
+let AccessTokenGuard = class AccessTokenGuard {
+    reflector;
+    authService;
+    constructor(reflector, authService) {
+        this.reflector = reflector;
+        this.authService = authService;
+    }
+    async canActivate(context) {
+        const isPublic = this.reflector.getAllAndOverride(public_decorator_1.IS_PUBLIC_ROUTE, [context.getHandler(), context.getClass()]);
+        if (isPublic)
+            return true;
+        const request = context.switchToHttp().getRequest();
+        const token = extractBearerToken(request.headers.authorization);
+        const payload = await this.authService.verifyAccessToken(token);
+        request.user = {
+            username: payload.sub,
+            tokenId: payload.jti,
+        };
+        return true;
+    }
+};
+exports.AccessTokenGuard = AccessTokenGuard;
+exports.AccessTokenGuard = AccessTokenGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [core_1.Reflector,
+        auth_service_1.AuthService])
+], AccessTokenGuard);

package/dist/web/server/auth/auth.controller.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { AuthService } from './auth.service';
+type LoginBody = {
+    username?: unknown;
+    password?: unknown;
+};
+type RefreshBody = {
+    refreshToken?: unknown;
+};
+export declare class AuthController {
+    private readonly authService;
+    constructor(authService: AuthService);
+    login(body: LoginBody): Promise<import("./auth.types").AuthTokenPair>;
+    refresh(body: RefreshBody): Promise<import("./auth.types").AuthTokenPair>;
+    logout(body: RefreshBody): Promise<{
+        loggedOut: boolean;
+    }>;
+}
+export {};

package/dist/web/server/auth/auth.controller.js ADDED Viewed

@@ -0,0 +1,75 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthController = void 0;
+const common_1 = require("@nestjs/common");
+const public_decorator_1 = require("./public.decorator");
+const auth_service_1 = require("./auth.service");
+function requiredString(value, field) {
+    if (typeof value !== 'string') {
+        throw new common_1.BadRequestException(`${field} is required`);
+    }
+    const trimmed = value.trim();
+    if (!trimmed) {
+        throw new common_1.BadRequestException(`${field} is required`);
+    }
+    return trimmed;
+}
+let AuthController = class AuthController {
+    authService;
+    constructor(authService) {
+        this.authService = authService;
+    }
+    async login(body) {
+        const username = requiredString(body.username, 'username');
+        const password = requiredString(body.password, 'password');
+        return this.authService.login(username, password);
+    }
+    async refresh(body) {
+        const refreshToken = requiredString(body.refreshToken, 'refreshToken');
+        return this.authService.refresh(refreshToken);
+    }
+    async logout(body) {
+        const refreshToken = requiredString(body.refreshToken, 'refreshToken');
+        await this.authService.revokeRefreshToken(refreshToken);
+        return { loggedOut: true };
+    }
+};
+exports.AuthController = AuthController;
+__decorate([
+    (0, common_1.Post)('login'),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "login", null);
+__decorate([
+    (0, common_1.Post)('refresh'),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "refresh", null);
+__decorate([
+    (0, common_1.Post)('logout'),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "logout", null);
+exports.AuthController = AuthController = __decorate([
+    (0, public_decorator_1.Public)(),
+    (0, common_1.Controller)('api/auth'),
+    __metadata("design:paramtypes", [auth_service_1.AuthService])
+], AuthController);

package/dist/web/server/auth/auth.module.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare class AuthModule {
2	+ }

package/dist/web/server/auth/auth.module.js ADDED Viewed

@@ -0,0 +1,24 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthModule = void 0;
+const common_1 = require("@nestjs/common");
+const jwt_1 = require("@nestjs/jwt");
+const auth_controller_1 = require("./auth.controller");
+const auth_service_1 = require("./auth.service");
+let AuthModule = class AuthModule {
+};
+exports.AuthModule = AuthModule;
+exports.AuthModule = AuthModule = __decorate([
+    (0, common_1.Module)({
+        imports: [jwt_1.JwtModule.register({})],
+        controllers: [auth_controller_1.AuthController],
+        providers: [auth_service_1.AuthService],
+        exports: [auth_service_1.AuthService],
+    })
+], AuthModule);

package/dist/web/server/auth/auth.service.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import { JwtService } from '@nestjs/jwt';
+import { ServerConfigService } from '../config/server-config.service';
+import type { AccessTokenPayload, AuthTokenPair } from './auth.types';
+export declare class AuthService {
+    private readonly jwtService;
+    private readonly serverConfigService;
+    private readonly refreshTokenStore;
+    constructor(jwtService: JwtService, serverConfigService: ServerConfigService);
+    login(username: string, password: string): Promise<AuthTokenPair>;
+    refresh(refreshToken: string): Promise<AuthTokenPair>;
+    revokeRefreshToken(refreshToken: string): Promise<void>;
+    verifyAccessToken(accessToken: string): Promise<AccessTokenPayload>;
+    private issueTokenPair;
+    private pruneExpiredRefreshTokens;
+}

package/dist/web/server/auth/auth.service.js ADDED Viewed

@@ -0,0 +1,146 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthService = void 0;
+const node_crypto_1 = require("node:crypto");
+const common_1 = require("@nestjs/common");
+const jwt_1 = require("@nestjs/jwt");
+const server_config_service_1 = require("../config/server-config.service");
+function secureEqual(expected, actual) {
+    const expectedBuffer = Buffer.from(expected);
+    const actualBuffer = Buffer.from(actual);
+    if (expectedBuffer.length !== actualBuffer.length)
+        return false;
+    return (0, node_crypto_1.timingSafeEqual)(expectedBuffer, actualBuffer);
+}
+let AuthService = class AuthService {
+    jwtService;
+    serverConfigService;
+    refreshTokenStore = new Map();
+    constructor(jwtService, serverConfigService) {
+        this.jwtService = jwtService;
+        this.serverConfigService = serverConfigService;
+    }
+    async login(username, password) {
+        const config = await this.serverConfigService.load();
+        const auth = config.auth;
+        if (!secureEqual(auth.username, username) ||
+            !secureEqual(auth.password, password)) {
+            throw new common_1.UnauthorizedException('Invalid username or password');
+        }
+        return this.issueTokenPair(auth.username, auth);
+    }
+    async refresh(refreshToken) {
+        const config = await this.serverConfigService.load();
+        const auth = config.auth;
+        this.pruneExpiredRefreshTokens();
+        let payload;
+        try {
+            payload = this.jwtService.verify(refreshToken, {
+                secret: auth.refreshTokenSecret,
+            });
+        }
+        catch {
+            throw new common_1.UnauthorizedException('Invalid refresh token');
+        }
+        if (payload.type !== 'refresh' || !payload.sub || !payload.jti) {
+            throw new common_1.UnauthorizedException('Invalid refresh token');
+        }
+        const record = this.refreshTokenStore.get(payload.jti);
+        if (!record ||
+            record.username !== payload.sub ||
+            record.expiresAt <= Date.now()) {
+            this.refreshTokenStore.delete(payload.jti);
+            throw new common_1.UnauthorizedException('Refresh token expired or revoked');
+        }
+        this.refreshTokenStore.delete(payload.jti);
+        return this.issueTokenPair(payload.sub, auth);
+    }
+    async revokeRefreshToken(refreshToken) {
+        const config = await this.serverConfigService.load();
+        let payload = null;
+        try {
+            payload = this.jwtService.verify(refreshToken, {
+                secret: config.auth.refreshTokenSecret,
+            });
+        }
+        catch {
+            return;
+        }
+        if (payload?.jti) {
+            this.refreshTokenStore.delete(payload.jti);
+        }
+    }
+    async verifyAccessToken(accessToken) {
+        const config = await this.serverConfigService.load();
+        let payload;
+        try {
+            payload = this.jwtService.verify(accessToken, {
+                secret: config.auth.accessTokenSecret,
+            });
+        }
+        catch {
+            throw new common_1.UnauthorizedException('Invalid access token');
+        }
+        if (payload.type !== 'access' || !payload.sub || !payload.jti) {
+            throw new common_1.UnauthorizedException('Invalid access token');
+        }
+        return payload;
+    }
+    issueTokenPair(username, auth) {
+        this.pruneExpiredRefreshTokens();
+        const accessJti = (0, node_crypto_1.randomUUID)();
+        const refreshJti = (0, node_crypto_1.randomUUID)();
+        const now = Date.now();
+        const refreshExpiresAt = now + auth.refreshTokenTtlSeconds * 1000;
+        const accessToken = this.jwtService.sign({
+            sub: username,
+            type: 'access',
+            jti: accessJti,
+        }, {
+            secret: auth.accessTokenSecret,
+            expiresIn: auth.accessTokenTtlSeconds,
+        });
+        const refreshToken = this.jwtService.sign({
+            sub: username,
+            type: 'refresh',
+            jti: refreshJti,
+        }, {
+            secret: auth.refreshTokenSecret,
+            expiresIn: auth.refreshTokenTtlSeconds,
+        });
+        this.refreshTokenStore.set(refreshJti, {
+            username,
+            expiresAt: refreshExpiresAt,
+        });
+        return {
+            tokenType: 'Bearer',
+            accessToken,
+            refreshToken,
+            accessTokenExpiresIn: auth.accessTokenTtlSeconds,
+            refreshTokenExpiresIn: auth.refreshTokenTtlSeconds,
+        };
+    }
+    pruneExpiredRefreshTokens() {
+        const now = Date.now();
+        for (const [jti, record] of this.refreshTokenStore.entries()) {
+            if (record.expiresAt <= now) {
+                this.refreshTokenStore.delete(jti);
+            }
+        }
+    }
+};
+exports.AuthService = AuthService;
+exports.AuthService = AuthService = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [jwt_1.JwtService,
+        server_config_service_1.ServerConfigService])
+], AuthService);

package/dist/web/server/auth/auth.types.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import type { Request } from 'express';
+export type AccessTokenPayload = {
+    sub: string;
+    type: 'access';
+    jti: string;
+};
+export type RefreshTokenPayload = {
+    sub: string;
+    type: 'refresh';
+    jti: string;
+};
+export type AuthTokenPair = {
+    tokenType: 'Bearer';
+    accessToken: string;
+    refreshToken: string;
+    accessTokenExpiresIn: number;
+    refreshTokenExpiresIn: number;
+};
+export type RequestUser = {
+    username: string;
+    tokenId: string;
+};
+export type AuthenticatedRequest = Request & {
+    requestId?: string;
+    user?: RequestUser;
+};

package/dist/web/server/auth/auth.types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/web/server/auth/public.decorator.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const IS_PUBLIC_ROUTE = "isPublicRoute";
2	+ export declare const Public: () => import("@nestjs/common").CustomDecorator<string>;

package/dist/web/server/auth/public.decorator.js ADDED Viewed

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Public = exports.IS_PUBLIC_ROUTE = void 0;
+const common_1 = require("@nestjs/common");
+exports.IS_PUBLIC_ROUTE = 'isPublicRoute';
+const Public = () => (0, common_1.SetMetadata)(exports.IS_PUBLIC_ROUTE, true);
+exports.Public = Public;

package/dist/web/server/chat/chat.controller.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import { ChatService } from './chat.service';
+type SubmitInputBody = {
+    input?: unknown;
+};
+type ApprovalBody = {
+    decision?: unknown;
+};
+export declare class ChatController {
+    private readonly chatService;
+    constructor(chatService: ChatService);
+    createSession(body: Record<string, unknown>): Promise<import("@memo-code/core", { with: { "resolution-mode": "import" } }).LiveSessionState>;
+    listProviders(): Promise<import("./chat.types").ChatProviderRecord[]>;
+    listRuntimes(query: Record<string, unknown>): Promise<import("./chat.types").ChatRuntimeListResponse>;
+    getSession(sessionId: string): Promise<import("@memo-code/core", { with: { "resolution-mode": "import" } }).LiveSessionState>;
+    deleteSession(sessionId: string): Promise<{
+        closed: true;
+    }>;
+    submitInput(sessionId: string, body: SubmitInputBody): Promise<import("./chat.types").SessionInputResult>;
+    cancel(sessionId: string): Promise<{
+        cancelled: boolean;
+    }>;
+    compact(sessionId: string): Promise<{
+        compacted: boolean;
+        keptMessages: number;
+    }>;
+    approvalDecision(sessionId: string, fingerprint: string, body: ApprovalBody): Promise<{
+        recorded: boolean;
+    }>;
+}
+export {};